RE: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

From: Zach Forsyth (Zach.Forsyth_at_kiandra.com)
Date: 06/09/04

  • Next message: 404: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"
    To: <mark@edwards.org>, <full-disclosure@lists.netsys.com>
    Date: Wed, 9 Jun 2004 17:28:33 +1000
    
    

    Try cwshredder.
    http://www.spywareinfo.com/~merijn/index.html

    Cheers

    z

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of mark
    Sent: Wednesday, 9 June 2004 3:51 PM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal
    toolbar

    Anybody know about some trojan(s) that spawn a "tvm.exe" process, a
    "poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and
    hijacks the IE homepage to point to allaboutsearching.com? This thing
    also opens pop-ups pointing to this page:

    http://69.20.62.53/yyy3.html

    If the registry entries related to these processes are deleted then they
    keep being recreated.

    What is it? And how does one remove it?

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: 404: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"

    Relevant Pages